Hello,
Jim Doble a écrit :
Is there a way to use one set of routing rules for incoming packets and
a different set of routing rules for outgoing packets?
Yes, with advanced routing.
Quote from ip manpage (http://lartc.org/manpages/ip.txt) :
ip rule add - insert a new rule
[...]
iif NAME
select the incoming device to match. If the inter-
face is loopback, the rule only matches packets
originating from this host. This means that you
may create separate routing tables for forwarded
and local packets and, hence, completely segregate
them.
[end of quote]
So you can create an alternate routing table for locally-generated
packets. Incoming packets will use the default "main" routing table.
ip rule add iif lo lookup <output_table_number> prio 32765
ip route add <destination1> gw <gateway> table <output_table_number>
ip route add <destination2> dev <interface> table <output_table_number>
...
You need to have the following options enabled in your kernel to use
this feature.
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
